Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A device for controlling access to a protected document within an enterprise, the device comprising: a processor; and a memory coupled to the processor, the memory comprising: a security module configured to: generate two copies of a security key for the document, wherein one copy of the security key is stored in the memory and another copy of the security key is sent to a server; encrypt the document using the security key, and generate a protected document based on the encryption of the document; and an access control module configured to: assign access rights to a user for accessing the protected document; delegate the access rights from the user to an other user; lock at least one of the user, the other user, and the protected document; and unlock at least one of the user and the other user such that the access rights are available again to the at least one of the user and the other user.
A device controls access to documents within an enterprise. It includes a processor and memory. The memory has a security module that creates two copies of a security key for a document. One key copy is stored locally, the other is sent to a server. The document is encrypted using the key to create a protected document. An access control module assigns access rights to a user for the protected document, then can delegate those rights to another user. The system can lock the user, the other user, or the document, preventing access. The system can also unlock either user to restore their access rights.
2. The device as claimed in claim 1, wherein the access control module is further configured to: receive an access request from the user for accessing the protected document; compare the access request with the access rights associated with the user; and restrict the user from accessing the protected document based on the comparison.
The device, described in the previous claim, includes an access control module that receives an access request from a user trying to open the protected document. The module compares the access request against the user's assigned access rights. If the request doesn't match the rights, the user is blocked from accessing the protected document. Essentially, the system checks if the user has permission before allowing access.
3. The device as claimed in claim 1, wherein the access control module is further configured to: receive an access request from the user for accessing the protected document, wherein the access request is a request for opening the protected document; determine if at least one of the user and the protected document is locked; and restrict the user from accessing the protected document based on the determination.
The device, described in the first claim, includes an access control module that receives an access request from a user for opening a protected document. The system checks if either the user or the document itself is locked. If either is locked, the user is prevented from accessing the protected document. This implements a simple lock/unlock mechanism for controlling access.
4. The device as claimed in claim 1, wherein the access control module is further configured to ascertain at predefined time intervals whether at least one of the user and the protected document is locked.
The device, described in the first claim, includes an access control module that periodically checks if either the user or the protected document is locked. This check happens at predefined intervals. This provides a mechanism to ensure that locks are enforced even if changes are not immediately triggered by a user action.
5. The device as claimed in claim 1, wherein the access control module is further configured to assign temporary ownership of the protected document to the other user.
The device, described in the first claim, includes an access control module that can assign temporary ownership of a protected document to another user. This gives the other user the privileges of ownership for a limited time.
6. The device as claimed in claim 1, wherein the access control module is further configured to: receive an access request from the user for accessing the protected document, wherein the access request is a request for opening the protected document; ascertain whether at least one of the user and the protected document is unlocked; determine whether the user is an owner, if at least one of the user and the protected document is unlocked; and decrypt the protected document and allow the user to access the protected document, based on the determination.
The device, described in the first claim, includes an access control module that receives a request from a user for accessing the protected document. It checks if the user or document is unlocked. If unlocked, the system determines if the user is the owner. If the user is the owner, the protected document is decrypted, and the user gains access.
7. The device as claimed in claim 1, wherein the access control module is further configured to: receive an access request from the user for accessing the protected document, wherein the access request is a request for opening the protected document; ascertain whether at least one of the user and the protected document is unlocked; determine whether the user has temporary ownership and a preset time period of the temporary ownership has expired, if at least one of the user and the protected document is unlocked; compare the access request with the access rights associated with the user, based on the determination; and restrict the user from accessing the protected document based on the comparison.
The device, described in the first claim, includes an access control module that receives a request from a user for accessing the protected document. The system checks if the user or document is unlocked. If unlocked, it checks if the user has temporary ownership and if the allotted time has expired. Based on the ownership status and time, the access request is compared to the user's access rights. If rights don't match, the user is restricted from accessing the document.
8. A computer-implemented method of controlling access to a protected document within an enterprise, the method comprising: receiving an access request by a user for accessing the protected document, wherein the access request is a request for opening the protected document; determining whether at least one of the user and the protected document is locked; rejecting the access request based on the determining, wherein the rejecting comprises restricting the user from accessing the protected document; unlocking the user such that access rights provided to the user are same as assigned before locking the user; and decrypting the protected document using a security key corresponding to the protected document if the user has the right to open the protected document, wherein the security key is retrieved from a server.
A computer-implemented method controls access to protected documents in an enterprise. When a user requests to open a document, the method checks if the user or document is locked. If either is locked, the request is rejected, and the user is blocked. The method can unlock the user, restoring their original access rights. If the user has the right to open the document, the document is decrypted using a security key retrieved from a server.
9. The method as claimed in claim 8 further comprising: ascertaining whether the user has temporary ownership; further ascertaining whether a preset time period of the temporary ownership has expired, if the user has temporary ownership; and determining whether the access request matches with at least one of an access right granted and delegated to the user, if the preset time period of the temporary ownership has expired.
The method described in claim 8 (checking lock status, unlocking users, and decrypting) also includes the following: It checks if the user has temporary ownership. If so, it checks if the temporary ownership period has expired. If the time has expired, it then verifies if the access request matches the rights (either granted or delegated) assigned to the user.
10. A non-transitory computer-readable medium having embodied thereon a computer program for executing a computer-implemented method comprising: receiving an access request by a user for accessing the protected document, wherein the access request is a request for opening the protected document; determining whether at least one of the user and the protected document is locked; rejecting the access request based on the determining, wherein the rejecting comprises restricting the user from accessing the protected document; unlocking the user such that access rights provided to the user are same as assigned before locking the user; and decrypting the protected document using a security key corresponding to the protected document if the user has the right to open the protected document, wherein the security key is retrieved from a server.
A non-transitory computer-readable medium stores a program to control access to protected documents in an enterprise. When a user requests to open a document, the method checks if the user or document is locked. If either is locked, the request is rejected, and the user is blocked. The method can unlock the user, restoring their original access rights. If the user has the right to open the document, the document is decrypted using a security key retrieved from a server.
11. The non-transitory computer-readable medium as claimed in claim 10 further comprising: ascertaining whether the user has temporary ownership; further ascertaining whether a preset time period of the temporary ownership has expired, if the user has temporary ownership; and determining whether the access request matches with at least one of an access right granted and delegated to the user, if the preset time period of the temporary ownership has expired.
The non-transitory computer-readable medium described in claim 10 (checking lock status, unlocking users, and decrypting) also includes the following: It checks if the user has temporary ownership. If so, it checks if the temporary ownership period has expired. If the time has expired, it then verifies if the access request matches the rights (either granted or delegated) assigned to the user.
12. The system as claimed in claim 1, wherein the access rights include a right to open, edit, copy, and print the document, wherein the access rights for the user are communicated to the server.
The device, described in the first claim, manages access rights that include the ability to open, edit, copy, and print a document. These access rights assigned to the user are communicated to the server for storage and verification.
13. The system as claimed in claim 1, wherein the access control module is further configured to temporarily assign the access rights to a temporary owner for a preset time period of temporary ownership upon request from the user, wherein the temporary owner gets the access rights of the user, except for a right to change the preset time period of temporary ownership and to grant temporary ownership to others.
The device, described in the first claim, includes an access control module that can temporarily assign access rights to a temporary owner for a set period, upon request from the primary user. The temporary owner gets the user's access rights, except for the ability to change the temporary ownership period or grant temporary ownership to others.
14. The system as claims in claim 1, wherein the security key comprises a cryptographic key and a document initialization vector.
The device, described in the first claim, utilizes a security key that comprises a cryptographic key and a document initialization vector. This combination ensures secure encryption and decryption of the protected document.
15. The system as claimed in claim 1, wherein access to the protected document is forcefully terminated if the protected document is open at the time of locking, and wherein a an alert message about the locking is displayed on the secure user interface.
The device, described in the first claim, forcefully terminates access to a protected document if it's open when a lock is applied. An alert message is displayed on a secure user interface to notify the user about the locking event.
16. The system as claimed in claim 1, wherein delegation of the access rights from the user to the other user is communicated to the server.
The device, described in the first claim, transmits information about the delegation of access rights from one user to another to the server. This ensures the server maintains an accurate record of current access permissions.
17. The system as claimed in claim 1, wherein locking at least one of the user and other user prevents the at least one of the user and other user from accessing the protected document.
The device, described in the first claim, implements a lock mechanism. Locking a user prevents them from accessing the protected document. This prevents unauthorized access to sensitive content.
18. The system as claimed in claim 1, wherein locking the protected document prevents all users, except the assignor from accessing the protected document.
The device, described in the first claim, implements a lock mechanism. Locking the protected document prevents all users, except for the assignor (the one who set the access rights), from accessing the document.
19. The system as claimed in claim 1, wherein the assignor is one of a administrator or an owner.
The device, described in the first claim, defines the assignor role (the one with the ability to set access rights and locks) as either an administrator or an owner of the document.
20. The method as claimed in claim 8 further comprising: determining if the user is an owner of the protected document, wherein the access rights are retrieved and the protected document is decrypted when the user is the owner; determining if the user is a temporary owner of the protected document and if a preset time period of temporary ownership has expired, wherein the access rights are retrieved and the protected document is decrypted when the user is the temporary owner and the preset time period of the temporary ownership has not expired; and determining if the user has a right to open the protected document in the access rights.
The method described in claim 8 (checking lock status, unlocking users, and decrypting) further determines user type: 1) If the user is the document owner, access rights are retrieved, and the document is decrypted. 2) If the user is a temporary owner, it verifies the time hasn't expired, retrieves access rights, and decrypts. 3) It also determines if the user has general rights to open the document.
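The order of checks that claims 3, 6 to 9, 17, 18 and 20 describe for an open request, as an added Python example (not code from the patent). The names `Document`, `decide_open`, `locked_users` and the sample users are assumptions made here; key retrieval from the server and decryption are left to the caller and happen only on an allow decision.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Document:
    owner: str
    assignor: str                        # administrator or owner (claim 19)
    locked: bool = False                 # document-level lock
    temp_owner: Optional[str] = None
    temp_expiry: float = 0.0             # end of the preset period, epoch seconds
    rights: dict = field(default_factory=dict)  # user -> granted or delegated rights

def decide_open(user, doc, locked_users, now):
    """Return (allowed, reason) for a request to open the protected document.

    Only on an allow decision would the caller fetch the security key from
    the server and decrypt (claim 8); that step is outside this example.
    """
    if user in locked_users:                     # claims 3, 8, 17
        return False, "user locked"
    if doc.locked and user != doc.assignor:      # claim 18
        return False, "document locked"
    if user == doc.owner:                        # claims 6, 20
        return True, "owner"
    if user == doc.temp_owner and now < doc.temp_expiry:   # claim 20
        return True, "temporary owner"
    # Not an owner, or temporary ownership expired: fall back to rights (claim 9).
    if "open" in doc.rights.get(user, set()):
        return True, "open right"
    return False, "no open right"

def sample_document():
    # Constructed sample data, not taken from the patent.
    return Document(owner="alice", assignor="alice", temp_owner="bob",
                    temp_expiry=1000.0,
                    rights={"carol": {"open", "print"}, "dave": {"print"}})

if __name__ == "__main__":
    doc, locked = sample_document(), {"carol"}
    for who, t in [("alice", 500), ("bob", 500), ("bob", 1500),
                   ("carol", 500), ("dave", 500)]:
        print(who, t, decide_open(who, doc, locked, t))
    locked.discard("carol")   # unlock: rights were never modified, so they return unchanged
    print("carol", decide_open("carol", doc, locked, 500))
```

Because locking is tracked separately from the rights table, unlocking a user restores exactly the rights assigned before the lock, which is the behaviour claim 8 requires.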
September 2, 2014